Skip to main content
SpringerLink
Log in

Toward Design of an Intelligent Cyber Attack Detection System using Hybrid Feature Reduced Approach for IoT Networks

  • Research Article-Computer Engineering and Computer Science
  • Published:
Arabian Journal for Science and Engineering Aims and scope Submit manuscript

Abstract

With simple connectivity and fast-growing demand of smart devices and networks, IoT has become more prone to cyber attacks. In order to detect and prevent cyber attacks in IoT networks, intrusion detection system (IDS) plays a crucial role. However, most of the existing IDS have dimensionality curse that reduces overall IoT systems efficiency. Hence, it is important to remove repetitive and irrelevant features while designing effective IDS. Motivated from aforementioned challenges, this paper presents an intelligent cyber attack detection system for IoT network using a novel hybrid feature reduced approach. This technique first performs feature ranking using correlation coefficient, random forest mean decrease accuracy and gain ratio to obtain three different feature sets. Then, features are combined using a suitably designed mechanism (AND operation), to obtain single optimized feature set. Finally, the obtained reduced feature set is fed to three well-known machine learning algorithms such as random forest, K-nearest neighbor and XGBoost for detection of cyber attacks. The efficiency of the proposed cyber attack detection framework is evaluated using NSL-KDD and two latest IoT-based datasets namely, BoT-IoT and DS2OS. Performance of the proposed framework is evaluated and compared with some recent state-of-the-art techniques found in literature, in terms of accuracy, detection rate (DR), precision and F1 score. Performance analysis using these three datasets shows that the proposed model has achieved DR up to 90%–100%, for most of the attack vectors that has close similarity to normal behaviors and accuracy above 99%.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12
Fig. 13
Fig. 14
Fig. 15
Fig. 16
Fig. 17
Fig. 18
Fig. 19

Similar content being viewed by others

References

  1. Tewari, A.; Gupta, B.: Security, privacy and trust of different layers in internet-of-things (IoTs) framework. Future Gener. Comput. Syst. 108, 909–920 (2020)

    Google Scholar 

  2. Tewari, A.; Gupta, B.: A novel ECC-based lightweight authentication protocol for internet of things devices. Int. J. High Perform. Comput. Netw. 15(1–2), 106–120 (2019)

    Google Scholar 

  3. Stergiou, C.; Psannis, K.E.; Gupta, B.B.; Ishibashi, Y.: Security, privacy and efficiency of sustainable cloud computing for big data and IoT. Sustain. Comput. Inform. Syst. 19, 174–184 (2018)

    Google Scholar 

  4. Stergiou, C.L.; Psannis, K.E.; Gupta, B.B.: IoT-based big data secure management in the fog over a 6G wireless network. IEEE Internet Things J. (2020). https://doi.org/10.1109/JIOT.2020.3033131

    Article  Google Scholar 

  5. Olakanmi, O.O.; Dada, A.: An efficient privacy-preserving approach for secure verifiable outsourced computing on untrusted platforms. Int. J. Cloud Appl. Comput. (IJCAC) 9(2), 79–98 (2019)

    Google Scholar 

  6. Etherington, D.; Conger, K.: Large DDoS attacks cause outages at Twitter, Spotify, and other sites. TechCrunch, Np, vol. 21 (2016)

  7. PentaSecurity, “Top 5 shocking IoT security breaches of 2019,” November 22. https://www.pentasecurity.com/blog/top-5-shocking-iot-security-breaches-2019/. Accessed 10 Nov 2019

  8. Jurcut, A.; Niculcea, T.; Ranaweera, P.; Le-Khac, N.-A.: Security considerations for internet of things: a survey. SN Comput. Sci. 1(4), 193 (2020). https://doi.org/10.1007/s42979-020-00201-310.1007/s42979-020-00201-310:1007/s42979-020-00201-3

    Article  Google Scholar 

  9. Eustis, A.G.: The Mirai Botnet and the importance of IoT device security. In: Latifi, S. (ed.) 16th International Conference on Information Technology-New Generations (ITNG 2019), pp. 85–89. Springer, Cham (2019)

  10. Sasan, H.P.S.; Sharma, M.: Intrusion detection using feature selection and machine learning algorithm with misuse detection. Int. J. Comput. Sci. Inf. Technol. 8(1), 17–25 (2016)

    Google Scholar 

  11. Sultana, N.; Chilamkurti, N.; Peng, W.; Alhadad, R.: Survey on SDN based network intrusion detection system using machine learning approaches. Peer-to-Peer Netw. Appl. 12(2), 493–501 (2019)

    Google Scholar 

  12. Chaudhary, P.; Gupta, B. B.: DDoS detection framework in resource constrained internet of things domain. In: IEEE 8th Global Conference on Consumer Electronics (GCCE), pp. 675–678 (2019)

  13. Tahsien, S.M.; Karimipour, H.; Spachos, P.: Machine learning based solutions for security of internet of things (IoT): a survey. J. Netw. Comput. Appl. 161, 102630 (2020)

    Google Scholar 

  14. Sangkatsanee, P.; Wattanapongsakorn, N.; Charnsripinyo, C.: Practical real-time intrusion detection using machine learning approaches. Comput. Commun. 34(18), 2227–2235 (2011)

    Google Scholar 

  15. Ren, J.; Guo, J.; Qian, W.; Yuan, H.; Hao, X.; Jingjing, H.: Building an effective intrusion detection system by using hybrid data optimization based on machine learning algorithms. Secur. Commun. Netw. 2019, 7130868 (2019). https://doi.org/10.1155/2019/7130868

    Article  Google Scholar 

  16. Tama, B.A.; Rhee, K.-H.: HFSTE: hybrid feature selections and tree-based classifiers ensemble for intrusion detection system. IEICE Trans. Inf. Syst. 100(8), 1729–1737 (2017)

    Google Scholar 

  17. Gan, X.-S.; Duanmu, J.-S.; Wang, J.-F.; Cong, W.: Anomaly intrusion detection based on PLS feature extraction and core vector machine. Knowl. Based Syst. 40, 1–6 (2013)

    Google Scholar 

  18. Karami, A.; Guerrero-Zapata, M.: A fuzzy anomaly detection system based on hybrid PSO-Kmeans algorithm in content-centric networks. Neurocomputing 149, 1253–1269 (2015)

    Google Scholar 

  19. Chapaneri, R.; Shah, S.: A comprehensive survey of machine learning-based network intrusion detection. In: Satapathy, S.C., Bhateja, V., Das, S. (eds.) Smart Intelligent Computing and Applications, pp. 345–356. Springer, Singapore (2019)

    Google Scholar 

  20. Gupta, R.; Tanwar, S.; Tyagi, S.; Kumar, N.: Machine learning models for secure data analytics: a taxonomy and threat model. Comput. Commun. 153, 406–440 (2020)

    Google Scholar 

  21. Moustafa, N.; Hu, J.; Slay, J.: A holistic review of network anomaly detection systems: a comprehensive survey. J. Netw. Comput. Appl. 128, 33–55 (2019)

    Google Scholar 

  22. Pajouh, H.H.; Javidan, R.; Khayami, R.; Dehghantanha, A.; Choo, K.R.: A two-layer dimension reduction and two-tier classification model for anomaly-based intrusion detection in IoT backbone networks. IEEE Trans. Emerg. Top. Comput. 7(2), 314–323 (2019)

    Google Scholar 

  23. Eesa, A.S.; Orman, Z.; Brifcani, A.M.A.: A novel feature-selection approach based on the cuttlefish optimization algorithm for intrusion detection systems. Expert Syst. Appl. 42(5), 2670–2679 (2015)

    Google Scholar 

  24. Kamarudin, M.H.; Maple, C.; Watson, T.: Hybrid feature selection technique for intrusion detection system. Int. J. High Perform. Comput. Netw. 13(2), 232–240 (2019)

    Google Scholar 

  25. Chandrashekar, G.; Sahin, F.: A survey on feature selection methods. Comput. Electr. Eng. 40(1), 16–28 (2014)

    Google Scholar 

  26. Manzoor, I.; Kumar, N.; et al.: A feature reduced intrusion detection system using ANN classifier. Expert Syst. Appl. 88, 249–257 (2017)

    Google Scholar 

  27. Bhuyan, M.H.; Bhattacharyya, D.K.; Kalita, J.K.: Network anomaly detection: methods, systems and tools. IEEE Commun. Surv. Tutor. 16(1), 303–336 (2013)

    Google Scholar 

  28. Remeseiro, B.; Bolon-Canedo, V.: A review of feature selection methods in medical applications. Comput. Biol. Med. 112, 103375 (2019)

    Google Scholar 

  29. Huang, J.; Cai, Y.; Xu, X.: A hybrid genetic algorithm for feature selection wrapper based on mutual information. Pattern Recogn. Lett. 28(13), 1825–1844 (2007)

    Google Scholar 

  30. Buczak, A.L.; Guven, E.: A survey of data mining and machine learning methods for cyber security intrusion detection. IEEE Commun. Surv. Tutor. 18(2), 1153–1176 (2015)

    Google Scholar 

  31. Al-Garadi, M.A.; Mohamed, A.; Al-Ali, A.K.; Du, X.; Ali, I.; Guizani, M.: A survey of machine and deep learning methods for internet of things (IoT) security. IEEE Commun. Surv. Tutor. 22(3), 1646–1685 (2020)

    Google Scholar 

  32. Tavallaee, M.; Bagheri, E.; Lu, W.; Ghorbani, A. A.: A detailed analysis of the KDD cup 99 data set. In: IEEE Symposium on Computational Intelligence for Security and Defense Applications, pp. 1–6. IEEE (2009)

  33. Tavallaee, M.; Bagheri, E.; Lu, W.; Ghorbani, A.: The NSL-KDD data set. https://web.archive.org/web/20150205070216/. http://nsl.cs.unb.ca/NSL-KDD/. Accessed 10 Aug 2019

  34. Koroniotis, N.; Moustafa, N.; Sitnikova, E.; Turnbull, B.: Towards the development of realistic botnet dataset in the Internet of Things for network forensic analytics: Bot-IoT dataset. Future Gener. Comput. Syst. 100, 779–796 (2019)

    Google Scholar 

  35. Koroniotis, N.; Moustafa, N.; Sitnikova, E.; Turnbull, B.: The Bot-IoT dataset. https://cloudstor.aarnet.edu.au/plus/s/umT99TnxvbpkkoE (2018). Accessed 10 Sept 2019

  36. Pahl, M.-O.; Aubet, F.-X.: All eyes on you: distributed multi-dimensional IoT microservice anomaly detection. In: 14th International Conference on Network and Service Management (CNSM), pp. 72–80. IEEE (2018)

  37. Pahl, M.O.; Aubet, F.X.: DS2OS traffic traces. https://www.kaggle.com/francoisxa/ds2ostraffictraces (2018). Accessed 28 Sept 2019

  38. Pajouh, H.H.; Dastghaibyfard, G.; Hashemi, S.: Two-tier network anomaly detection model: a machine learning approach. J. Intell. Inf. Syst. 48(1), 61–74 (2017)

    Google Scholar 

  39. Wu, K.; Chen, Z.; Li, W.: A novel intrusion detection model for a massive network using convolutional neural networks. IEEE Access 6, 50 850–50 859 (2018)

    Google Scholar 

  40. Gao, X.; Shan, C.; Hu, C.; Niu, Z.; Liu, Z.: An adaptive ensemble machine learning model for intrusion detection. IEEE Access 7, 82 512–82 521 (2019)

    Google Scholar 

  41. Yang, Y.; Zheng, K.; Wu, C.; Niu, X.; Yang, Y.: Building an effective intrusion detection system using the modified density peak clustering algorithm and deep belief networks. Appl. Sci. 9(2), 238 (2019)

    Google Scholar 

  42. Zhang, C.; Ruan, F.; Yin, L.; Chen, X.; Zhai, L.; Liu, F.: A deep learning approach for network intrusion detection based on NSL-KDD dataset. In: IEEE 13th International Conference on Anti-counterfeiting, Security, and Identification (ASID), pp. 41–45. IEEE (2019)

  43. Tian, Q.; Han, D.; Li, K.-C.; Liu, X.; Duan, L.; Castiglione, A.: An intrusion detection approach based on improved deep belief network. Appl. Intell. (2020). https://doi.org/10.1007/s10489-020-01694-4

    Article  Google Scholar 

  44. Hasan, M.; Islam, M.M.; Zarif, M.I.I.; Hashem, M.: Attack and anomaly detection in IoT sensors in IoT sites using machine learning approaches. Internet Things 7, 100059 (2019)

    Google Scholar 

  45. Shafiq, M.; Tian, Z.; Sun, Y.; Du, X.; Guizani, M.: Selection of effective machine learning algorithm and Bot-IoT attacks traffic identification for internet of things in smart city. Future Gener. Comput. Syst. 107, 433–442 (2020)

    Google Scholar 

  46. Soe, Y.N.; Feng, Y.; Santosa, P.I.; Hartanto, R.; Sakurai, K.: Towards a lightweight detection system for cyber attacks in the IoT environment using corresponding features. Electronics 9(1), 144 (2020)

    Google Scholar 

  47. Kanakarajan, N.K.; Muniasamy, K.: Improving the accuracy of intrusion detection using gar-forest with feature selection. In: Proceedings of the 4th International Conference on Frontiers in Intelligent Computing: Theory and Applications (FICTA) 2015, pp. 539–547. Springer (2016)

  48. Idhammad, M.; Afdel, K.; Belouch, M.: Semi-supervised machine learning approach for DDoS detection. Appl. Intell. 48(10), 3193–3208 (2018)

    Google Scholar 

  49. Latah, M.; Toker, L.: Towards an efficient anomaly-based intrusion detection for software-defined networks. IET Netw. 7(6), 453–459 (2018)

    Google Scholar 

  50. Staudemeyer, R.; Omlin, C.: Feature set reduction for automatic network intrusion detection with machine learning algorithms. In: Proceedings of the Southern African Telecommunication Networks and Applications Conference (SATNAC), p. 105 (2009)

  51. Latah, M.; Toker, L.: An efficient flow-based multi-level hybrid intrusion detection system for software-defined networks. CoRR (2018). arXiv:1806.03875

  52. Al-Qatf, M.; Lasheng, Y.; Al-Habib, M.; Al-Sabahi, K.: Deep learning approach combining sparse autoencoder with SVM for network intrusion detection. IEEE Access 6, 52 843–52 856 (2018)

    Google Scholar 

  53. Tama, B.A.; Comuzzi, M.; Rhee, K.-H.: TSE-IDS: a two-stage classifier ensemble for intelligent anomaly-based intrusion detection system. IEEE Access 7, 94 497–94 507 (2019)

    Google Scholar 

  54. Çavuşoğlu, Ü.: A new hybrid approach for intrusion detection using machine learning methods. Appl. Intell. 49(7), 2735–2761 (2019)

    Google Scholar 

  55. Chandak, T.; Shukla, S.; Wadhvani, R.: “An analysis of a feature reduced intrusion detection system using ANN classifier” by Akashdeep et al. expert systems with applications (2017). Expert Syst. Appl. 130, 79–83 (2019)

    Google Scholar 

  56. Kaja, N.; Shaout, A.; Ma, D.: An intelligent intrusion detection system. Appl. Intell. 49(9), 3235–3247 (2019)

    Google Scholar 

  57. Ghazy, R.A.; El-Rabaie, E.-S.M.; Dessouky, M.I.; El-Fishawy, N.A.; Abd El-Samie, F.E.: Feature selection ranking and subset-based techniques with different classifiers for intrusion detection. Wirel. Pers. Commun. 111(1), 375–393 (2020)

    Google Scholar 

  58. Mahfouz, A.M.; Venugopal, D.; Shiva, S.G.: Comparative analysis of ML classifiers for network intrusion detection. In: Fourth International Congress on Information and Communication Technology, pp. 193–207. Springer (2020)

  59. Su, T.; Sun, H.; Zhu, J.; Wang, S.; Li, Y.: BAT: deep learning methods on network intrusion detection using NSL-KDD dataset. IEEE Access 8, 29 575–29 585 (2020)

    Google Scholar 

  60. Hur, J.-H.; Ihm, S.-Y.; Park, Y.-H.: A variable impacts measurement in random forest for mobile cloud computing. Wirel. Commun. Mob. Comput. 2017, 6817627 (2017). https://doi.org/10.1155/2017/6817627

    Article  Google Scholar 

  61. Blessie, E.C.; Karthikeyan, E.: SIGMIS: a feature selection algorithm using correlation based method. J. Algorithms Comput. Technol. 6(3), 385–394 (2012)

    Google Scholar 

  62. Strobl, C.; Boulesteix, A.-L.; Zeileis, A.; Hothorn, T.: Bias in random forest variable importance measures: illustrations, sources and a solution. BMC Bioinform. 8(1), 25 (2007)

    Google Scholar 

  63. Dağ, H.; Sayin, K.E.; Yenidoğan, I.; Albayrak, S.; Acar, C.: Comparison of feature selection algorithms for medical data. In: International Symposium on Innovations in Intelligent Systems and Applications, pp. 1–5. IEEE (2012)

  64. Bao, R.-J.; Rong, H.-J.; Angelov, P.P.; Chen, B.; Wong, P.K.: Correntropy-based evolving fuzzy neural system. IEEE Trans. Fuzzy Syst. 26(3), 1324–1338 (2017)

    Google Scholar 

  65. Svetnik, V.; Liaw, A.; Tong, C.; Culberson, J.C.; Sheridan, R.P.; Feuston, B.P.: Random forest: a classification and regression tool for compound classification and QSAR modeling. J. Chem. Inf. Comput. Sci. 43(6), 1947–1958 (2003)

    Google Scholar 

  66. Louati, F.; Ktata, F.B.: A deep learning-based multi-agent system for intrusion detection. SN Appl. Sci. 2(4), 1–13 (2020)

    Google Scholar 

  67. Chen, T.; Guestrin, C.: XGBoost: a scalable tree boosting system. In: Proceedings of the 22nd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 785–794 (2016)

  68. CISA, “Security tip (st04-015) understanding denial-of-service attacks,” November 20. https://www.us-cert.gov/ncas/tips/ST04-015 (2019). Accessed 1 Feb 2020

  69. Letteri, I.; Penna, G.D.; Gasperis, G.D.: Security in the internet of things: botnet detection in software-defined networks by deep learning techniques. Int. J. High Perform. Comput. Netw. 15(3–4), 170–182 (2019)

    Google Scholar 

  70. Abomhara, M.; et al.: Cyber security and the internet of things: vulnerabilities, threats, intruders and attacks. J. Cyber Secur. Mob. 4(1), 65–88 (2015)

    Google Scholar 

  71. Jesudoss, A.; Subramaniam, N.: A survey on authentication attacks and countermeasures in a distributed environment. Indian J. Comput. Sci. Eng. (IJCSE) 5(2), 71–77 (2014)

    Google Scholar 

  72. Belavagi, M.C.; Muniyal, B.: Performance evaluation of supervised machine learning algorithms for intrusion detection. Procedia Comput. Sci. 89(2016), 117–123 (2016)

    Google Scholar 

  73. Ma, W.; Qu, H.; Zhao, J.: Estimator with forgetting factor of correntropy and recursive algorithm for traffic network prediction. In: 25th Chinese Control and Decision Conference (CCDC), pp. 490–494. IEEE (2013)

Download references

Author information

Authors and Affiliations

  1. Department of Information Technology, National Institute of Technology, Raipur, CG, 492010, India

    Prabhat Kumar, Govind P. Gupta & Rakesh Tripathi

Authors
  1. Prabhat Kumar
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Govind P. Gupta
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Rakesh Tripathi
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Prabhat Kumar.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Kumar, P., Gupta, G.P. & Tripathi, R. Toward Design of an Intelligent Cyber Attack Detection System using Hybrid Feature Reduced Approach for IoT Networks. Arab J Sci Eng 46, 3749–3778 (2021). https://doi.org/10.1007/s13369-020-05181-3

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s13369-020-05181-3

Keywords

Search

Navigation